Endpoint Cybersecurity GmbH
- Beyond “Move Fast and Fail Fast”: Balancing Speed, Security, and … Sanity in Software Development (with Podcast)
- Project management with Scrum (with Podcast)
- Comparing “Records of Processing Activities” (ROPA) and “Data Protection Impact Assessments” (DPIA) (with Podcast)
- AI vs. (secure) software developers
- Accelerating feature delivery in software development
- How-To create Security User Stories
- Delivering secure software in an agile way
- Understanding Defense in Depth in IT Security
- ISO 27001:2022 and TISAX: overlaps and differences
- Understanding the SOC 2 Certification
Executive summary: NIS2 Directive for the EU members (updated)
/in EducationalThe NIS 2 Directive is a set of cybersecurity guidelines and requirements established by the European Union (EU) . It replaces and repeals the NIS Directive (Directive 2016/1148/EC) . The full name of the directive is “Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common […]
NIS-2: 10 common misconceptions about the regulation
/in EducationalWe wrote here about NIS2 and we will continue to add more content about it. Because we are getting closer to October 17th, many people are getting more and more nervous about NIS2. Despite its significance, there are numerous misconceptions and misinterpretations circulating about the scope and implications of this regulation. This article aims to […]
Implementing ISO 27001:2022 Annex A.15 – Supplier Relationships
/in EducationalWe started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.15, “Supplier Relationships”, which is crucial for organizations in order to ensure the security of information assets shared with external suppliers. This annex provides guidelines for managing supplier relationships effectively to mitigate […]
Understanding ISO 27001:2022 Annex A.14 – System Acquisition, Development, and Maintenance
/in EducationalWe started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.14, “System Acquisition, Development, and Maintenance”, which addresses the importance of ensuring the security of information systems throughout their lifecycle, from acquisition and development to maintenance and disposal. This annex provides […]
Understanding ISO 27001:2022 Annex A.13 – Communications Security
/in EducationalWe started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.13, “Communications Security”, which addresses the importance of securing information during its transmission over communication networks. This annex provides guidelines for implementing controls to protect the confidentiality, integrity, and availability of […]